Re: Spec needed for ima-modsig template

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 1/4/2020 6:32 PM, Mimi Zohar wrote:

The "sig" and "modsig" hash algorithms are independent
of each other.  They might or might not be the same.


My question was about the d-modsig hash algorithm. Should the spec say:
1 - If d-ng and d-modsig are both present, the hash algorithms MUST be the same.
I did have a question about the 'd-ng | sig | sig' template. Is that an error or could a file be signed with e.g. both RSA-2048 and RSA-3072? 

Etc.  You can see where I'm going - precise rules for an IMA log verifier.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux